Also, as NAT often goes hand in hand with PAT on a router, the setup to allow access to a server with a private IP via NAT generally specifies the port to allow it on.

It is much easier to accidentally open up access to a single IP (IPv6) from the public side rather than opening up only a single port.

Also, from a firewall point of view, the separation between your private/trusted network and your public network is defined and obvious from the network address space. Without NAT and with purely public addresses, you must ensure you are using the interfaces correctly on your firewall to segregate the traffic. With a simple two-interface firewall that is not a problem. However, when you have multiple DMZs using a mix of physical and virtual interfaces and semi-trusted zones, there is more room for a misconfiguration.

Sure, anyone dealing with high-end firewalls will have a good ITSM procedure, configuration testing, etc., but a busy IT team with no specialists and multiple configurators can make mistakes.
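
The misconfiguration described above can be checked for mechanically. The following is an added example, not part of the original post: a simplified line-based check (not a full parser) that flags nftables-style accept rules admitting new traffic from a public interface to an IPv6 destination with no port match. The interface names `wan0` and `dmz1` and all addresses are constructed assumptions.

```python
import re

# Constructed forward-chain rules in nftables syntax; addresses use the
# 2001:db8::/32 documentation prefix and "wan0"/"dmz1" are assumed names.
SAMPLE_RULES = """\
iifname "wan0" ip6 daddr 2001:db8:10::25 tcp dport 443 accept
iifname "wan0" ip6 daddr 2001:db8:10::30 accept
iifname "wan0" ip6 daddr 2001:db8:20::/64 udp dport { 53, 123 } accept
iifname "dmz1" ip6 daddr 2001:db8:10::40 accept
iifname "wan0" ip6 daddr 2001:db8:10::50 ct state established,related accept
iifname "wan0" ip6 daddr 2001:db8:10::60 tcp dport 22 drop
"""

WAN_IFACES = {"wan0"}  # assumption: the public-facing interface(s)


def find_portless_accepts(ruleset, wan_ifaces=WAN_IFACES):
    """Return (line number, destination) for accept rules that admit new
    traffic from a public interface to an IPv6 destination with no port match."""
    findings = []
    for lineno, raw in enumerate(ruleset.splitlines(), 1):
        rule = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not rule.endswith("accept"):
            continue
        iface = re.search(r'\biifname\s+"?([\w.-]+)"?', rule)
        if not iface or iface.group(1) not in wan_ifaces:
            continue  # only traffic arriving from the public side
        dst = re.search(r"\bip6 daddr (\S+)", rule)
        if not dst:
            continue
        state = re.search(r"\bct state (\{[^}]*\}|\S+)", rule)
        if state and "new" not in re.findall(r"\w+", state.group(1)):
            continue  # return traffic only, not an inbound opening
        if re.search(r"\b(tcp|udp|sctp|th) dport\b", rule):
            continue  # restricted to specific port(s)
        findings.append((lineno, dst.group(1)))
    return findings


if __name__ == "__main__":
    for lineno, dst in find_portless_accepts(SAMPLE_RULES):
        print(f"rule {lineno}: {dst} reachable on every port from the public side")
```

Passing a different `wan_ifaces` set runs the same check against a semi-trusted zone, which is where the multi-DMZ case makes mistakes easier to miss.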

